Corona presents many challenges – all around. Many of us now have to work from home, the best we can. This presents a number of new challenges for IT security.
Flexible working hours and working from home a few days a week have become more common, and some have reduced their travel for environmental reasons. But for many of us, the corona crisis creates a whole new and unfamiliar situation – and that makes us vulnerable.
It aggravates the general problem of hackers and cybercriminals trying to exploit us and in an inattentive or distracted moment, we can fall into one of their cunning traps.
Corona-related problems can be used to trick you because the problems are unusual and need to be taken seriously. It is important that we follow the advice of the authorities. But what if the email or text message you respond to doesn’t actually come from the authorities?
Digital virus in the shade of the corona
CEO-fraud and ransomware attacks are likely to occur more often than ever in the near future, warns both the Danish Center for Cyber Security and the BBC.
It is at times like this that we must make extra efforts to ensure that nothing goes wrong. So what can you do?
Here are some tips:
• Confirm information if you have the slightest suspicion that it does not come from a colleague, manager or relatives by calling or texting back the number you have for the person in your phone.
• Do not respond to an inquiry unless you have the time and opportunity to investigate and confirm that it is genuine.
• Also, keep in mind that data protection rules still apply, notwithstanding that we are in an exceptional situation. Sensitive data is still sensitive in a coronavirus age, and the normal rules for protecting the assets of the company are still valid.
• Avoid papers with confidential information at home – all papers, notes and any “sticky notes” must be disposed of securely. Store them in a safe place until you can shred them at the office.
• Don’t make phone calls with customers or work colleagues near your family.
• Decorate a small office area so you can work and talk undisturbed.
• Be very careful about using your personal computer, tablet and phone for work purposes. Only visit work-related websites. Contact your employer to hear about the guidelines. One of the most important is that you do not let your children, friends or family use the IT equipment that you have been provided at your workplace. And avoid using your work computer to browse the web and online games.
• Do not install programs or connect equipment that is not work related to your computer.
• When you move outside and want to connect to a free wi-fi network, use a VPN. No VPN, no free wi-fi.
• Depending on the type of connection you have to your workplace, it may be important that you log on to VPN before logging on to Windows so that you have a secure connection right from the start and that all your programs work just like in the workplace. If your computer is on standby or VPN is disconnected, the same principle applies: restart your computer and log on to the VPN before logging on to Windows again.
• Remember all the other good safety precautions – such as locking your computer every time you leave it
• Enter the support phone number into your phone so that you have it handy if you have problems, for example, lock yourself out of your computer.
• Contact Support if you suspect that your computer is behaving strangely.
Remember to think about IT security, even if you sit and work in cozy, homely surroundings.
Our collective responsibility
At Geelong Media, we would like to express our support and support to anyone who is directly or indirectly affected by this pandemic.
The world confronts a pandemic with major health impacts and financial consequences. At Geelong Media, we encourage our leaders and everyone else to “go hard and go early” on the virus – the sooner the better, just as we have been saying for years that we must go about tackling the climate crisis. Waiting only makes the problem worse.
As we see it Geelong Media, the corona crisis and the disruptive measures now being implemented are not just about whether you as an individual are at risk of getting sick from the coronavirus. It’s about our collective responsibility.
We perceive ourselves as part of society and, as a result, we act in a responsible, preventative way, where with our modest contribution we hope to be able to help make society work, now that many people have to work from home. We should all strive to protect the particularly vulnerable groups by helping to avoid overloading the health care system.
This means Geelong Media has gone into volunteer self-isolation and primarily work remotely with our clients.
→ Sucuri – 19 March 2020:
Tips for New Remote Workers
“With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality for many people around the world, and Sucuri can help you make this new endeavor easier for you. We have been an entirely remote team since the creation of the company, more than 10 years ago. Working from home has its perks and challenges. We asked our colleagues what recommendations they had for people who are starting to work from home as well as some advice to mitigate cybersecurity risks.”
“With everyone working from home, VPN security has now become paramount. Thousands of COVID-19 scam and malware sites are being created on a daily basis.”
→ ZD Net – 18 March 2020:
Roundup: Coronavirus COVID-19 pandemic delivers array of cybersecurity challenges
“As the COVID-19 outbreak threatens to overload the healthcare system and the global economy, it’s also having a powerful impact on the security of businesses and individuals.”
→ The New Daily – 17 March 2020:
Coronavirus scam text message in circulation
“Australians are being urged to look out for scam text messages that are circulating, pretending to be from the government.”
→ BBC News – 13 March 2020:
Coronavirus: How hackers are preying on fears of Covid-19
“Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years.”
→ SANS Institute Security Awareness – March 2020:
Top 5 Steps to Securely Work from Home (PDF)
“We know that working from home can be new to some of you, perhaps overwhelming as you adjust to your new environment. One of our goals is to enable you to work as securely as possible from home. Below are five simple steps to working securely. The best part is all of these steps not only help secure your work, but they will make you and your family far more safe as you create a cybersecure home.”
→ SANS Institute Security Awareness – 11 March 2020:
Top Three Behaviors for Creating a Cybersecure Remote Workforce
“With the outbreak of the Coronavirus, a key challenge many organizations are facing is enabling their workforce to work from home. For many organizations, this is something new, often lacking the processes, policies and technologies that enable people to do so safely and securely. In addition, when people work from home they lack many of the typical security controls you find in organizations, exposing them to far greater risk.”
→ SANS Institute Security Awareness – 6 March 2020:
What to Communicate Internally About Coronavirus Scams
“This is a great time to reach out to your workforce and help them better understand the risks and secure themselves, both at home and at work.”
→ Sucuri – 27 March 2020:
VPN: A Key to Securing an Online Work Environment
“The current COVID-19 epidemic is changing the way people work, rapidly moving to working remotely as I have done for 20 years. I am providing this advice for smaller businesses that should leverage virtual private networks (VPNs) to enhance your security.”
Danish Centre for Cyber Security:
Good advice on homework
1. Good advice for the organisation
· Make sure that all employees can be communicated and that they are familiar with the communication channels they have decided.
· Be aware of the increased threat picture where criminals try to exploit this situation. For example, they will try to spread ransomware and send phishing links and sms, under the guise of corona.
· Make sure employees know the remote access processes and test that they work (e.g. VPN, multi-factor authentication, etc.)
· Ensure that the infrastructure that supports remote access has the capacity and licenses enough to cover the increased number of users who need simultaneous access.
· Make sure that automatic updating of employees’ work computers also works when working from home. If this is not an option, employees should be reminded to update them regularly.
· Be aware of the risks of any temporary access or permit, and reassess them when the need is no longer present.
· When the situation is normal again, remember to gather lessons to improve remote access, processes and contingency plans.
2. Good advice for the employee
· Use the tools and communication channels your workplace provides, and keep in mind that security policies also apply when working from home. For example, be aware of rules for using e.g. private mail accounts and file exchange services.
· If your work computer is not kept up to date automatically, be sure to keep it updated yourself.
· Test that your remote access works so that any problems can be remedied immediately.
· Be aware of any fake emails or sms you receive under the cover of news about corona.
· Also remember to protect the physical access to your work computer when working from home.